ARP scanning bug in nmap?

["RaMatkal" <RaMatkal () hotmail com>]

Firstly, great work on nmap!!

I was performing a pen-test on a clients network a few days ago and was having a few problems with nmap 4.00.....

i was sitting on the same subnet as a wireless device i was trying to scan....

wireless ip was something like 10.51.20.20/16

and my ip was 10.51.25.25/16 though i was not attached to the wireless network....

I could ping the wireless device with no problems but when i tried to scan the device with the usual nmap -sS -vv -O it 
came back with an error saying no ARP replies were found...

I think i read somewhere that the new version of nmap first does an ARP scan if the device u want to scan sits on the 
same local network (which i was)....but for some reason nmap was not recognising the ARP responses.....(i wander if 
this has to do with the fact that i was on the same subnet as the wireless device but i was not attached to the 
wireless network...ie maybe only the access point replies to the ARP requests when it is attached to a switch and not 
the wireless devices communicating through it...)

anyways, i tried using the -P0 to turn off the Ping and ARP scan but nmap still could not scan the device and said an 
ARP response was not returned from the device....

in short i tried several methods to scan the device but all failed with the same error...

However, when i scanned the device with Nessus i had no problems....several open ports were found...

Is there a way to switch off the ARP scan like you can switch off the ping scan with -P0

Thanks very much...sorry for the long email, and great work again!

RaMatkal


_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev